Confidentiality, Integrity, and Availability

We live our lives online these days. We shop online, we work online, we chat with friends online, and we play games online. As we live increasingly in a digital world, the need to protect our personal information from being maliciously disrupted or misused by hackers, spyware, spam attacks, and more is becoming ever more important. But we can all help to protect ourselves by getting a grip on cyber security. Cyber security is the protection of systems, networks, and data in cyberspace. There are three guiding principles behind cyber security: Confidentiality, Integrity, and Availability, or CIA. Understanding the CIA triad, which was designed to guide policies for information security within organizations but can help individuals as well, is the first step in helping you to keep your own information safe and keep the bad guys out.

Confidentiality
Confidentiality is about making sure information is restricted so it only reaches its targeted audience and doesn’t fall into the wrong hands. First, data is categorized according to the amount and type of damage that could be done if it were leaked, and then security measures are put in place based on the level of the potential threat. Your bank account data, for example, is more sensitive than your email address, and so online banking security is stronger than accessing your email account. Passwords, data encryption methods, and security tokens are all examples of methods to protect privacy and keep our information confidential.

Integrity
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data. Only authorized people should be able to change data, and we can take measures to make sure information can’t be altered by unauthorized people. In the workplace, this could mean files are set to read-only permissions in certain situations, and user access controls can be put in place in IT systems so access and permitted activities are set according to a person’s job role. For example, you wouldn’t be given access to view or change the payroll systems in a company unless you worked in the finance department.

Availability
Availability is about making sure information is available to read and use whenever we want. This involves ensuring hardware is working well and repaired when needed, system upgrades are kept up to date, and the operating system environment is functioning as it should. Thinking of the worst-case scenarios can help you appreciate the notion of “availability” and plan accordingly. Imagine a flood or fire damages your computer, for example—would you be prepared for the consequences? Backing up your data frequently and having a disaster recovery plan could help should the worst ever happen.